
Passwords are stored unobfuscated

Open thibault opened this issue 6 years ago • 1 comments

Unless I'm mistaken, I noticed that user passwords are stored unobfuscated in the database.

It looks like a quite annoying issue.

Passwords should be salted and hashed using a brute-force-resistant hashing function like PBKDF2.

thibault, Nov 28 '18 14:11

This was not supposed to stay that way, but... too many things to do in so short a time...

Still... yes, it's a problem to fix quite quickly, but the thing is: we already have some users (not that many, we could re-enter the info to recreate them), and more importantly, if someone forgets their password, there is currently no process in place to retrieve someone's password (for instance by sending an email with a protected route)...

I put some ideas to fix that with the existing users here: https://github.com/entrepreneur-interet-general/OpenScraper/issues/46

JulienParis, Dec 04 '18 00:12
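An added example, not part of the thread and not OpenScraper's own code: salted PBKDF2 hashing as suggested in the issue, plus a one-off migration that converts existing plaintext records in place so current users do not need to be recreated. The field names `password` and `password_hash`, the record format and the iteration count are assumptions.

```python
import hashlib
import hmac
import secrets

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000  # assumed work factor; tune to the server's hardware
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'algo$iterations$salt_hex$hash_hex' using a fresh random salt."""
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGO}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Check a candidate password; malformed or plaintext records never match."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGO:
        return False
    try:
        iterations = int(parts[1])
        salt = bytes.fromhex(parts[2])
        expected = bytes.fromhex(parts[3])
    except ValueError:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


def migrate_users(users: list[dict], iterations: int = ITERATIONS) -> int:
    """Hash every legacy plaintext 'password' field and delete the plaintext.

    Works on user documents held as dicts (hypothetical schema). Returns the
    number of records converted, so a second run should return 0.
    """
    converted = 0
    for user in users:
        if "password" in user:
            user["password_hash"] = hash_password(user.pop("password"), iterations)
            converted += 1
    return converted
```

Because the plaintext is removed once hashed, backups and logs taken before the migration still hold the old values and need separate handling.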